Cyber Security Engineer - SAST/DAST

Our technology services client is seeking multiple Cyber Security Engineer to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Role : Cyber Security Engineer. Key Skills : Product Security, CEH Certified, Cyber Security, SAST, DAST, SCA, Vulnerability Management, Web Applications. Experience : 7 -10 Years. Location : Bangalore. Notice Period : Immediate Only. Job Description : Product Security Representative : - Providing privacy and security technical expertise supporting the product team throughout product development, design change, and life-cycle management. - Work with the Product Security Leader (PSL) to support the product team with process expertise for Healthcare Product Cybersecurity Standards and life-cycle management. Product cybersecurity development responsibilities : - Assess the privacy and cybersecurity state of the product and define product roadmap features/ enhancements with stakeholder approval. - Responsible for security architecture and coordination of product development for cybersecurity features and enhancements. - Assess product components and SBoM are integrated into the product. - Perform defect management for cybersecurity issues. - Identify operational responsibilities and adherence to cloud standards for cloud-based products. - Responsible for Product and Security Manual and MDS2 documentation. - In coordination with the PSL, own and deliver Product Cybersecurity. Standard artefacts, which include : - Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs. - Create Design Engineering Privacy and Security (DEPS) artefacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction. - Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments. - Lead product Security Technical Design Reviews - Along with the product Lead System Designer (LSD), responsible for the Product Cybersecurity Standard compliance and other pertinent standards and processes. - The released products shall comply with the required regulatory standards & compliance (like FDA, HIPPA, GDPR etc.) - Works with the Product Security team and Quality Assurance & Regulatory Assurance (QARA) on released product life cycle, - Participate in post-market product vulnerability monitoring. - Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment. - Responsible for product vulnerability mitigation and design change. - Responsible for vulnerability tool updates to ensure accurate customer communication. - Address customer and Sales RFP privacy and security feedback/questions. - Provide technical expertise on customer concerns, complaints, and CSO escalations. - Create/Maintain responsible product records within product cybersecurity tools. Mandatory Soft Skills : - Should be able to contribute as an individual contributor. - Should be able to execute his/her responsibility independently. - Focus on self-planning activities. - Firm with communication skills. Mandatory Skills : Security Engineering : - Globally recognised Cyber Security Certifications (Advanced/Expert Level). - Firm with knowledge of OWASP, CVSS, FIPS 140-2/140-3 and DoD RMF. - 7 years of full-time information security with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box secure code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc. - The Candidate shall be capable of finding risks/issues and suggesting the best route to remediation, knowing the compensatory controls & guiding the product team for its closure. - Sound understanding of security technologies/techniques like Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA) - Hardware/embedded authentication, OAuth, 2-factor authentication, and white-box code analysis. - Experience with a range of security tools related to SAST (Static Application Security Assessment),. - DAST (Dynamic Application Security Assessment), Vulnerability Management, SCA (Software Composition Analysis),. - Penetration Testing : Web Applications, Thick Clients, Mobile Applications, REST/SOAP Threat Modelling Tools etc. Standard Software Engineering : - Experience in Micro Services using RESTful frameworks. (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 2/16/2025